Using docker Swarm with Macvlan

I am trying to use docker Macvlan network in a simple docker Swarm with one manager and one worker. I created a network in each node like this in manager 1:

docker network create --config-only --subnet --gateway= --ip-range -o parent=eth1 collabnet

and same thing in worker 1:

docker network create --config-only --subnet --gateway= --ip-range -o parent=eth1 collabnet

then I assigned the network to the swarm

docker network create -d macvlan --scope swarm --config-from collabnet swarm-macvlan

After that, when I create a service it cannot communicate at all with other hosts on the network. If I create the service on the manager node I can ping it only from the host itself, after adding a macvlan interface and routing rules. And the worst is, if I create a service on the worker and on the manager, the containers take the same IP address (the first one of ip-range)!!!

I also noticed that when I create the swarm-macvlan network, it appears only when I list networks on the manager node, and I don't find it in the worker node's networks. But if I create the service on the worker node I can find it with docker network ls. Is this normal behavior?

This is how I create my service

docker service create --replicas 1 --network swarm-macvlan --constraint node.role==worker centos/ssh:centos7

My docker version is 18.09.0 and I am using a CentOS image on CentOS hosts for the worker and the manager.

I guess your example is taken from here?

I am not entirely sure, but from what I remember, swarm-scoped overlay networks are created on a node when at least one container on the node uses it. I would assume the same is true for macvlan networks. Did you try to scale up and see what happens?

Also: are you aware that the Linux kernel prevents macvlan interfaces from accessing the host's IP?

Yes, this is the example that I tried. But what I want to do is to make my OS containers accessible through SSH on my LAN. So I think this can't be done this way if the Linux kernel prevents macvlan interfaces from accessing the host's IP.
I tried two scenarios:
1- When I start a service with a constraint so that the containers run on a single node, everything goes well and each container has its own IP.
2- If I start a service without a constraint and then scale up to 4 to have 2 containers on each node, the containers on different hosts have the same IP.

Maybe I am not understanding macvlan's principles well. Is it more like NAT networking, where each host running docker has its own LAN?
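An added example, not posted by anyone in this thread: a small planner that splits one LAN subnet into disjoint --ip-range blocks, one per swarm node, and renders the config-only and swarm-scoped docker network create commands from the thread. It relies on the documented Docker behaviour that a config-only macvlan network is node-local and each node's IPAM allocates addresses independently from its own --ip-range, so two nodes sharing the same --ip-range will hand out the same first address (the symptom in scenario 2 above). The subnet, gateway, node names and parent interface below are constructed placeholder values, not taken from the original posts.

```python
import ipaddress


def plan_macvlan_ranges(subnet, nodes, range_prefix):
    """Carve `subnet` into disjoint /range_prefix blocks and assign one per node.

    Each swarm node runs its own IPAM for a config-only macvlan network, so the
    only way to avoid duplicate container IPs across nodes is to give every node
    a range that does not overlap any other node's range.
    Returns an ordered dict {node_name: "a.b.c.d/len"}.
    """
    net = ipaddress.ip_network(subnet, strict=True)
    blocks = list(net.subnets(new_prefix=range_prefix))
    if len(blocks) < len(nodes):
        raise ValueError(
            f"{subnet} yields only {len(blocks)} /{range_prefix} blocks "
            f"for {len(nodes)} nodes; use a smaller block size"
        )
    return {node: str(block) for node, block in zip(nodes, blocks)}


def ranges_overlap(ip_ranges):
    """True if any two of the given CIDR ranges share addresses.

    This is the check the thread is missing: the same --ip-range on every node
    overlaps trivially, which is why containers on different hosts collide.
    """
    nets = [ipaddress.ip_network(r, strict=True) for r in ip_ranges]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                return True
    return False


def render_commands(subnet, gateway, parent, plan,
                    config_name="collabnet", swarm_name="swarm-macvlan"):
    """Render the per-node config-only commands plus the one swarm-scoped network.

    The gateway must live inside the subnet; the per-node ranges are validated
    to be disjoint before any command text is produced.
    """
    net = ipaddress.ip_network(subnet, strict=True)
    if ipaddress.ip_address(gateway) not in net:
        raise ValueError(f"gateway {gateway} is not inside {subnet}")
    if ranges_overlap(plan.values()):
        raise ValueError("per-node --ip-range values overlap; containers would collide")

    lines = []
    for node, ip_range in plan.items():
        lines.append(f"# on {node}: node-local config, distinct --ip-range")
        lines.append(
            f"docker network create --config-only --subnet {subnet} "
            f"--gateway {gateway} --ip-range {ip_range} -o parent={parent} {config_name}"
        )
    lines.append("# once, on any manager: the swarm-scoped network that uses the local config")
    lines.append(
        f"docker network create -d macvlan --scope swarm --config-from {config_name} {swarm_name}"
    )
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed values: a /24 LAN split into /26 blocks for two nodes.
    plan = plan_macvlan_ranges("192.168.10.0/24", ["manager1", "worker1"], 26)
    print(render_commands("192.168.10.0/24", "192.168.10.1", "eth1", plan))
```

Run it on a manager to print the exact commands to type on each node; the thread's failing setup corresponds to passing the same range for both nodes, which `ranges_overlap` rejects before any command is rendered.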

This is working as intended, and nobody wants to fix this for you. The answer that I found was to buy some network stack plugins that handle the IP assignment themselves…

If you don't want to pay lots of money, the easy way is to start docker within docker as a service, which itself starts your container with docker run, which can use the --ip flag, so that you can handle the IP assignment yourself…

Have fun with it…